1 | package gov.va.med.edp.springframework.security.providers.vistalink;
|
---|
2 |
|
---|
3 | import gov.va.med.edp.springframework.security.userdetails.VistaUserDetails;
|
---|
4 | import gov.va.med.edp.springframework.security.userdetails.VistaUserDetailsService;
|
---|
5 | import junit.framework.TestCase;
|
---|
6 | import org.springframework.security.*;
|
---|
7 | import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
|
---|
8 | import org.springframework.security.providers.dao.UserCache;
|
---|
9 | import org.springframework.security.providers.dao.cache.NullUserCache;
|
---|
10 | import org.springframework.security.providers.x509.X509AuthenticationToken;
|
---|
11 | import org.springframework.security.userdetails.UserDetails;
|
---|
12 | import org.springframework.dao.DataRetrievalFailureException;
|
---|
13 | import org.easymock.MockControl;
|
---|
14 |
|
---|
15 | import java.util.HashMap;
|
---|
16 | import java.util.Map;
|
---|
17 |
|
---|
18 | public class VistaAuthenticationProviderTest extends TestCase {
|
---|
19 |
|
---|
20 | private static final String TEST_REMOTE_ADDRESS = "192.168.0.1";
|
---|
21 | private static final String TEST_STATION_NUMBER = "663";
|
---|
22 | private static final String TEST_ACCESS = "10VEHU";
|
---|
23 | private static final String TEST_VERIFY = "VEHU10";
|
---|
24 | private static final String TEST_DUZ = "12345";
|
---|
25 |
|
---|
26 | private VistaUserDetails user;
|
---|
27 | private VistaAuthenticationProviderTest.MockUserCache mockCache;
|
---|
28 |
|
---|
29 | private MockControl mockUserDetailServiceControl;
|
---|
30 | private VistaUserDetailsService mockUserDetailService;
|
---|
31 | private VistaAuthenticationProvider provider;
|
---|
32 |
|
---|
33 |
|
---|
34 | protected void setUp() throws Exception {
|
---|
35 | user = createUser("54321.123456789", TEST_STATION_NUMBER, TEST_DUZ, TEST_ACCESS + ";" + TEST_VERIFY + ";" + TEST_REMOTE_ADDRESS, true, true, true, true, new GrantedAuthority[]{new GrantedAuthorityImpl("ROLE_ONE"), new GrantedAuthorityImpl("ROLE_TWO")});
|
---|
36 |
|
---|
37 | mockUserDetailServiceControl = MockControl.createControl(VistaUserDetailsService.class);
|
---|
38 | mockUserDetailService = (VistaUserDetailsService) mockUserDetailServiceControl.getMock();
|
---|
39 |
|
---|
40 | provider = new VistaAuthenticationProvider();
|
---|
41 | provider.setUserDetailsService(mockUserDetailService);
|
---|
42 | mockCache = new MockUserCache();
|
---|
43 | provider.setUserCache(mockCache);
|
---|
44 | provider.afterPropertiesSet();
|
---|
45 | }
|
---|
46 |
|
---|
47 | protected VistaUserDetails createUser(String logIEN, String stationNumber, String duz, String password, boolean nonExpired, boolean nonLocked, boolean credentialsNonExpired, boolean enabled, GrantedAuthority[] authorities) {
|
---|
48 | MockControl mockUserControl = MockControl.createControl(VistaUserDetails.class);
|
---|
49 | VistaUserDetails user = (VistaUserDetails) mockUserControl.getMock();
|
---|
50 | mockUserControl.expectAndDefaultReturn(user.getSignonLogInternalEntryNumber(), logIEN);
|
---|
51 | mockUserControl.expectAndDefaultReturn(user.getLoginStationNumber(), stationNumber);
|
---|
52 | mockUserControl.expectAndDefaultReturn(user.getDuz(), duz);
|
---|
53 | mockUserControl.expectAndDefaultReturn(user.isAccountNonExpired(), nonExpired);
|
---|
54 | mockUserControl.expectAndDefaultReturn(user.isAccountNonLocked(), nonLocked);
|
---|
55 | mockUserControl.expectAndDefaultReturn(user.isCredentialsNonExpired(), credentialsNonExpired);
|
---|
56 | mockUserControl.expectAndDefaultReturn(user.isEnabled(), enabled);
|
---|
57 | mockUserControl.expectAndDefaultReturn(user.getUsername(), duz + "@" + stationNumber);
|
---|
58 | mockUserControl.expectAndDefaultReturn(user.getPassword(), password);
|
---|
59 | mockUserControl.expectAndDefaultReturn(user.getAuthorities(), authorities);
|
---|
60 | mockUserControl.replay();
|
---|
61 | return user;
|
---|
62 | }
|
---|
63 |
|
---|
64 | public void testSupports() {
|
---|
65 | VistaAuthenticationProvider provider = new VistaAuthenticationProvider();
|
---|
66 |
|
---|
67 | assertTrue(provider.supports(VistaAuthenticationToken.class));
|
---|
68 | assertFalse(provider.supports(UsernamePasswordAuthenticationToken.class));
|
---|
69 | assertFalse(provider.supports(X509AuthenticationToken.class));
|
---|
70 | }
|
---|
71 |
|
---|
72 | public void testReceivedBadCredentialsWhenCredentialsNotProvided() {
|
---|
73 | mockUserDetailServiceControl.expectAndThrow(mockUserDetailService.login(TEST_STATION_NUMBER, TEST_ACCESS, null, null), new BadCredentialsException("missing credentials"));
|
---|
74 | mockUserDetailServiceControl.replay();
|
---|
75 |
|
---|
76 | VistaAuthenticationToken token = new VistaAuthenticationToken(TEST_STATION_NUMBER, TEST_ACCESS, null, null);
|
---|
77 | try {
|
---|
78 | provider.authenticate(token);
|
---|
79 | fail("Expected BadCredenialsException");
|
---|
80 | } catch (BadCredentialsException expected) {
|
---|
81 | // NOOP
|
---|
82 | }
|
---|
83 |
|
---|
84 | mockUserDetailServiceControl.verify();
|
---|
85 | }
|
---|
86 |
|
---|
87 | public void testAuthenticateFailsIfAccountExpired() {
|
---|
88 | user = createUser("54321.123456789", TEST_STATION_NUMBER, TEST_DUZ, null, false, true, true, true, new GrantedAuthority[]{});
|
---|
89 | mockUserDetailServiceControl.expectAndReturn(mockUserDetailService.login(TEST_STATION_NUMBER, TEST_ACCESS, TEST_VERIFY, TEST_REMOTE_ADDRESS), user);
|
---|
90 | mockUserDetailServiceControl.replay();
|
---|
91 |
|
---|
92 | VistaAuthenticationToken token = new VistaAuthenticationToken(TEST_STATION_NUMBER, TEST_ACCESS, TEST_VERIFY, TEST_REMOTE_ADDRESS);
|
---|
93 |
|
---|
94 | try {
|
---|
95 | provider.authenticate(token);
|
---|
96 | fail("Should have thrown AccountExpiredException");
|
---|
97 | } catch (AccountExpiredException expected) {
|
---|
98 | assertTrue(true);
|
---|
99 | }
|
---|
100 | }
|
---|
101 |
|
---|
102 | public void testAuthenticateFailsIfAccountLocked() {
|
---|
103 | user = createUser("54321.123456789", TEST_STATION_NUMBER, TEST_DUZ, null, true, false, true, true, new GrantedAuthority[]{});
|
---|
104 | mockUserDetailServiceControl.expectAndReturn(mockUserDetailService.login(TEST_STATION_NUMBER, TEST_ACCESS, TEST_VERIFY, TEST_REMOTE_ADDRESS), user);
|
---|
105 | mockUserDetailServiceControl.replay();
|
---|
106 |
|
---|
107 | VistaAuthenticationToken token = new VistaAuthenticationToken(TEST_STATION_NUMBER, TEST_ACCESS, TEST_VERIFY, TEST_REMOTE_ADDRESS);
|
---|
108 |
|
---|
109 | try {
|
---|
110 | provider.authenticate(token);
|
---|
111 | fail("Should have thrown LockedException");
|
---|
112 | } catch (LockedException expected) {
|
---|
113 | assertTrue(true);
|
---|
114 | }
|
---|
115 | }
|
---|
116 |
|
---|
117 | public void testAuthenticateFailsIfCredentialsExpired() {
|
---|
118 | user = createUser("54321.123456789", TEST_STATION_NUMBER, TEST_DUZ, null, true, true, false, true, new GrantedAuthority[]{});
|
---|
119 | mockUserDetailServiceControl.expectAndReturn(mockUserDetailService.login(TEST_STATION_NUMBER, TEST_ACCESS, TEST_VERIFY, TEST_REMOTE_ADDRESS), user);
|
---|
120 | mockUserDetailServiceControl.replay();
|
---|
121 |
|
---|
122 | VistaAuthenticationToken token = new VistaAuthenticationToken(TEST_STATION_NUMBER, TEST_ACCESS, TEST_VERIFY, TEST_REMOTE_ADDRESS);
|
---|
123 | try {
|
---|
124 | provider.authenticate(token);
|
---|
125 | fail("Expected CredentialsExpiredException");
|
---|
126 | } catch (CredentialsExpiredException expected) {
|
---|
127 | // NOOP
|
---|
128 | }
|
---|
129 |
|
---|
130 | mockUserDetailServiceControl.verify();
|
---|
131 | }
|
---|
132 |
|
---|
133 | public void testAuthenticateFailsIfUserDisabled() {
|
---|
134 | user = createUser("54321.123456789", TEST_STATION_NUMBER, TEST_DUZ, null, true, true, true, false, new GrantedAuthority[]{});
|
---|
135 | mockUserDetailServiceControl.expectAndReturn(mockUserDetailService.login(TEST_STATION_NUMBER, TEST_ACCESS, TEST_VERIFY, TEST_REMOTE_ADDRESS), user);
|
---|
136 | mockUserDetailServiceControl.replay();
|
---|
137 |
|
---|
138 | VistaAuthenticationToken token = new VistaAuthenticationToken(TEST_STATION_NUMBER, TEST_ACCESS, TEST_VERIFY, TEST_REMOTE_ADDRESS);
|
---|
139 |
|
---|
140 | try {
|
---|
141 | provider.authenticate(token);
|
---|
142 | fail("Should have thrown DisabledException");
|
---|
143 | } catch (DisabledException expected) {
|
---|
144 | assertTrue(true);
|
---|
145 | }
|
---|
146 | }
|
---|
147 |
|
---|
148 |
|
---|
149 | public void testAuthenticateFailsWhenAuthenticationDaoHasBackendFailure() {
|
---|
150 | mockUserDetailServiceControl.expectAndThrow(mockUserDetailService.login(TEST_STATION_NUMBER, TEST_ACCESS, TEST_VERIFY, TEST_REMOTE_ADDRESS), new DataRetrievalFailureException("This mock simulator is designed to fail"));
|
---|
151 | mockUserDetailServiceControl.replay();
|
---|
152 |
|
---|
153 | VistaAuthenticationToken token = new VistaAuthenticationToken(TEST_STATION_NUMBER, TEST_ACCESS, TEST_VERIFY, TEST_REMOTE_ADDRESS);
|
---|
154 | try {
|
---|
155 | provider.authenticate(token);
|
---|
156 | fail("Should have thrown AuthenticationServiceException");
|
---|
157 | } catch (AuthenticationServiceException expected) {
|
---|
158 | assertTrue(true);
|
---|
159 | }
|
---|
160 |
|
---|
161 | mockUserDetailServiceControl.verify();
|
---|
162 | }
|
---|
163 |
|
---|
164 | public void testAuthenticates() {
|
---|
165 | mockUserDetailServiceControl.expectAndReturn(mockUserDetailService.login(TEST_STATION_NUMBER, TEST_ACCESS, TEST_VERIFY, TEST_REMOTE_ADDRESS), user);
|
---|
166 | mockUserDetailServiceControl.replay();
|
---|
167 |
|
---|
168 | VistaAuthenticationToken token = new VistaAuthenticationToken(TEST_STATION_NUMBER, TEST_ACCESS, TEST_VERIFY, TEST_REMOTE_ADDRESS);
|
---|
169 | Authentication result = provider.authenticate(token);
|
---|
170 |
|
---|
171 | if (!(result instanceof VistaAuthenticationToken)) {
|
---|
172 | fail("Should have returned instance of VistaAuthenticationToken");
|
---|
173 | }
|
---|
174 | assertNotSame(token, result);
|
---|
175 |
|
---|
176 | VistaAuthenticationToken castResult = (VistaAuthenticationToken) result;
|
---|
177 | assertTrue(VistaUserDetails.class.isAssignableFrom(castResult.getPrincipal().getClass()));
|
---|
178 | assertEquals(TEST_ACCESS, castResult.getAccessCode());
|
---|
179 | assertEquals(TEST_VERIFY, castResult.getVerifyCode());
|
---|
180 | assertEquals("ROLE_ONE", castResult.getAuthorities()[0].getAuthority());
|
---|
181 | assertEquals("ROLE_TWO", castResult.getAuthorities()[1].getAuthority());
|
---|
182 | assertEquals(TEST_REMOTE_ADDRESS, castResult.getDetails());
|
---|
183 |
|
---|
184 | mockUserDetailServiceControl.verify();
|
---|
185 | }
|
---|
186 |
|
---|
187 | public void testAuthenticatesASecondTime() {
|
---|
188 | mockUserDetailServiceControl.expectAndReturn(mockUserDetailService.login(TEST_STATION_NUMBER, TEST_ACCESS, TEST_VERIFY, TEST_REMOTE_ADDRESS),user);
|
---|
189 | mockUserDetailServiceControl.replay();
|
---|
190 |
|
---|
191 | VistaAuthenticationToken token = new VistaAuthenticationToken(TEST_STATION_NUMBER, TEST_ACCESS, TEST_VERIFY, TEST_REMOTE_ADDRESS);
|
---|
192 |
|
---|
193 | Authentication result = provider.authenticate(token);
|
---|
194 |
|
---|
195 | if (!(result instanceof VistaAuthenticationToken)) {
|
---|
196 | fail("Should have returned instance of VistaAuthenticationToken");
|
---|
197 | }
|
---|
198 |
|
---|
199 | // Now try to authenticate with the previous result (with its UserDetails)
|
---|
200 | Authentication result2 = provider.authenticate(result);
|
---|
201 |
|
---|
202 | if (!(result2 instanceof VistaAuthenticationToken)) {
|
---|
203 | fail("Should have returned instance of VistaAuthenticationToken");
|
---|
204 | }
|
---|
205 |
|
---|
206 | assertNotSame(result, result2);
|
---|
207 | assertEquals(result.getCredentials(), result2.getCredentials());
|
---|
208 | }
|
---|
209 |
|
---|
210 | public void testDetectsNullBeingReturnedFromAuthenticationDao() {
|
---|
211 | mockUserDetailServiceControl.expectAndReturn(mockUserDetailService.login(TEST_STATION_NUMBER, TEST_ACCESS, TEST_VERIFY, TEST_REMOTE_ADDRESS), null);
|
---|
212 | mockUserDetailServiceControl.replay();
|
---|
213 |
|
---|
214 | VistaAuthenticationToken token = new VistaAuthenticationToken(TEST_STATION_NUMBER, TEST_ACCESS, TEST_VERIFY, TEST_REMOTE_ADDRESS);
|
---|
215 |
|
---|
216 | try {
|
---|
217 | provider.authenticate(token);
|
---|
218 | fail("Should have thrown AuthenticationServiceException");
|
---|
219 | } catch (AuthenticationServiceException expected) {
|
---|
220 | assertEquals("VistaUserDetailsService returned null, which is an interface contract violation",
|
---|
221 | expected.getMessage());
|
---|
222 | }
|
---|
223 | }
|
---|
224 |
|
---|
225 | public void testGoesBackToAuthenticationDaoToObtainLatestVerifyCodeIfCachedVerifyCodeSeemsIncorrect() {
|
---|
226 | mockUserDetailServiceControl.expectAndReturn(mockUserDetailService.login(TEST_STATION_NUMBER, TEST_ACCESS, TEST_VERIFY, TEST_REMOTE_ADDRESS), user);
|
---|
227 | mockUserDetailServiceControl.replay();
|
---|
228 |
|
---|
229 | VistaAuthenticationToken token = new VistaAuthenticationToken(TEST_STATION_NUMBER, TEST_ACCESS, TEST_VERIFY, TEST_REMOTE_ADDRESS);
|
---|
230 |
|
---|
231 | // This will work, as password still "koala"
|
---|
232 | provider.authenticate(token);
|
---|
233 |
|
---|
234 | // Check "12345@663 = 10VEHU;VEHU10;192.168.0.1" ended up in the cache
|
---|
235 | assertEquals(TEST_ACCESS + ";" + TEST_VERIFY + ";" + TEST_REMOTE_ADDRESS, mockCache.getUserFromCache(TEST_DUZ + "@" + TEST_STATION_NUMBER).getPassword());
|
---|
236 | mockUserDetailServiceControl.verify();
|
---|
237 |
|
---|
238 | // Now change the password the AuthenticationDao will return
|
---|
239 | mockUserDetailServiceControl.reset();
|
---|
240 |
|
---|
241 | user = createUser("54321.123456789", TEST_STATION_NUMBER, TEST_DUZ, TEST_ACCESS + ";easternLongNeckTurtle;" + TEST_REMOTE_ADDRESS, true, true, true, true, new GrantedAuthority[] {new GrantedAuthorityImpl("ROLE_ONE"), new GrantedAuthorityImpl("ROLE_TWO")});
|
---|
242 | mockUserDetailServiceControl.expectAndReturn(mockUserDetailService.login(TEST_STATION_NUMBER, TEST_ACCESS, "easternLongNeckTurtle", TEST_REMOTE_ADDRESS), user);
|
---|
243 | mockUserDetailServiceControl.replay();
|
---|
244 |
|
---|
245 | // Now try authentication again, with the new password
|
---|
246 | token = new VistaAuthenticationToken(TEST_STATION_NUMBER, TEST_ACCESS, "easternLongNeckTurtle", TEST_REMOTE_ADDRESS);
|
---|
247 | provider.authenticate(token);
|
---|
248 |
|
---|
249 | // To get this far, the new password was accepted
|
---|
250 | // Check the cache was updated
|
---|
251 | assertEquals("10VEHU;easternLongNeckTurtle;192.168.0.1", mockCache.getUserFromCache(TEST_DUZ + "@" + TEST_STATION_NUMBER).getPassword());
|
---|
252 | }
|
---|
253 |
|
---|
254 | public void testStartupFailsIfNoVistaUserDetailsService()
|
---|
255 | throws Exception {
|
---|
256 | VistaAuthenticationProvider provider = new VistaAuthenticationProvider();
|
---|
257 |
|
---|
258 | try {
|
---|
259 | provider.afterPropertiesSet();
|
---|
260 | fail("Should have thrown IllegalArgumentException");
|
---|
261 | } catch (IllegalArgumentException expected) {
|
---|
262 | assertTrue(true);
|
---|
263 | }
|
---|
264 | }
|
---|
265 |
|
---|
266 | public void testStartupFailsIfNoUserCacheSet() throws Exception {
|
---|
267 | VistaAuthenticationProvider provider = new VistaAuthenticationProvider();
|
---|
268 | provider.setUserDetailsService(mockUserDetailService);
|
---|
269 | assertEquals(NullUserCache.class, provider.getUserCache().getClass());
|
---|
270 | provider.setUserCache(null);
|
---|
271 |
|
---|
272 | try {
|
---|
273 | provider.afterPropertiesSet();
|
---|
274 | fail("Should have thrown IllegalArgumentException");
|
---|
275 | } catch (IllegalArgumentException expected) {
|
---|
276 | assertTrue(true);
|
---|
277 | }
|
---|
278 | }
|
---|
279 |
|
---|
280 | public void testStartupSuccess() throws Exception {
|
---|
281 | VistaAuthenticationProvider provider = new VistaAuthenticationProvider();
|
---|
282 | provider.setUserDetailsService(mockUserDetailService);
|
---|
283 | provider.setUserCache(new MockUserCache());
|
---|
284 | assertSame(mockUserDetailService, provider.getUserDetailsService());
|
---|
285 | provider.afterPropertiesSet();
|
---|
286 | }
|
---|
287 |
|
---|
288 | private class MockUserCache implements UserCache {
|
---|
289 | private Map cache = new HashMap();
|
---|
290 |
|
---|
291 | public UserDetails getUserFromCache(String username) {
|
---|
292 | return (UserDetails) cache.get(username);
|
---|
293 | }
|
---|
294 |
|
---|
295 | public void putUserInCache(UserDetails user) {
|
---|
296 | cache.put(user.getUsername(), user);
|
---|
297 | }
|
---|
298 |
|
---|
299 | public void removeUserFromCache(String username) {
|
---|
300 | }
|
---|
301 | }
|
---|
302 | }
|
---|
303 |
|
---|
304 | /* this is the source for when we move to java 5 an later easymock version
|
---|
305 | import gov.va.med.edp.springframework.security.userdetails.VistaUserDetails;
|
---|
306 | import gov.va.med.edp.springframework.security.userdetails.VistaUserDetailsService;
|
---|
307 | import junit.framework.TestCase;
|
---|
308 | import org.springframework.security.*;
|
---|
309 | import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
|
---|
310 | import org.springframework.security.providers.dao.UserCache;
|
---|
311 | import org.springframework.security.providers.dao.cache.NullUserCache;
|
---|
312 | import org.springframework.security.providers.x509.X509AuthenticationToken;
|
---|
313 | import org.springframework.security.userdetails.UserDetails;
|
---|
314 | import org.easymock.EasyMock;
|
---|
315 | import static org.easymock.EasyMock.*;
|
---|
316 | import org.springframework.dao.DataRetrievalFailureException;
|
---|
317 |
|
---|
318 | import java.util.HashMap;
|
---|
319 | import java.util.Map;
|
---|
320 |
|
---|
321 | public class VistaAuthenticationProviderTest extends TestCase {
|
---|
322 |
|
---|
323 | private static final String TEST_REMOTE_ADDRESS = "192.168.0.1";
|
---|
324 | private static final String TEST_STATION_NUMBER = "663";
|
---|
325 | private static final String TEST_ACCESS = "10VEHU";
|
---|
326 | private static final String TEST_VERIFY = "VEHU10";
|
---|
327 | private static final String TEST_DUZ = "12345";
|
---|
328 |
|
---|
329 | private VistaUserDetails user;
|
---|
330 | private VistaAuthenticationProviderTest.MockUserCache mockCache;
|
---|
331 |
|
---|
332 | private VistaUserDetailsService mockUserDetailService;
|
---|
333 | private VistaAuthenticationProvider provider;
|
---|
334 |
|
---|
335 |
|
---|
336 | protected void setUp() throws Exception {
|
---|
337 | user = createUser("54321.123456789", TEST_STATION_NUMBER, TEST_DUZ, TEST_ACCESS + ";" + TEST_VERIFY + ";" + TEST_REMOTE_ADDRESS, true, true, true, true, new GrantedAuthorityImpl("ROLE_ONE"), new GrantedAuthorityImpl("ROLE_TWO"));
|
---|
338 |
|
---|
339 | mockUserDetailService = EasyMock.createMock(VistaUserDetailsService.class);
|
---|
340 |
|
---|
341 | provider = new VistaAuthenticationProvider();
|
---|
342 | provider.setUserDetailsService(mockUserDetailService);
|
---|
343 | mockCache = new MockUserCache();
|
---|
344 | provider.setUserCache(mockCache);
|
---|
345 | provider.afterPropertiesSet();
|
---|
346 | }
|
---|
347 |
|
---|
348 | protected VistaUserDetails createUser(String logIEN, String stationNumber, String duz, String password, boolean nonExpired, boolean nonLocked, boolean credentialsNonExpired, boolean enabled, GrantedAuthority... authorities) {
|
---|
349 | VistaUserDetails user = EasyMock.createMock(VistaUserDetails.class);
|
---|
350 | EasyMock.expect(user.getSignonLogInternalEntryNumber()).andReturn(logIEN).anyTimes();
|
---|
351 | EasyMock.expect(user.getLoginStationNumber()).andReturn(stationNumber).anyTimes();
|
---|
352 | EasyMock.expect(user.getDuz()).andReturn(duz).anyTimes();
|
---|
353 | EasyMock.expect(user.isAccountNonExpired()).andReturn(nonExpired).anyTimes();
|
---|
354 | EasyMock.expect(user.isAccountNonLocked()).andReturn(nonLocked).anyTimes();
|
---|
355 | EasyMock.expect(user.isCredentialsNonExpired()).andReturn(credentialsNonExpired).anyTimes();
|
---|
356 | EasyMock.expect(user.isEnabled()).andReturn(enabled).anyTimes();
|
---|
357 | EasyMock.expect(user.getUsername()).andReturn(duz + "@" + stationNumber).anyTimes();
|
---|
358 | EasyMock.expect(user.getPassword()).andReturn(password).anyTimes();
|
---|
359 | EasyMock.expect(user.getAuthorities()).andReturn(authorities).anyTimes();
|
---|
360 | EasyMock.replay(user);
|
---|
361 | return user;
|
---|
362 | }
|
---|
363 |
|
---|
364 | public void testSupports() {
|
---|
365 | VistaAuthenticationProvider provider = new VistaAuthenticationProvider();
|
---|
366 |
|
---|
367 | assertTrue(provider.supports(VistaAuthenticationToken.class));
|
---|
368 | assertFalse(provider.supports(UsernamePasswordAuthenticationToken.class));
|
---|
369 | assertFalse(provider.supports(X509AuthenticationToken.class));
|
---|
370 | }
|
---|
371 |
|
---|
372 | public void testReceivedBadCredentialsWhenCredentialsNotProvided() {
|
---|
373 | expect(mockUserDetailService.login(TEST_STATION_NUMBER, TEST_ACCESS, null, null)).andThrow(new BadCredentialsException("missing credentials"));
|
---|
374 | replay(mockUserDetailService);
|
---|
375 |
|
---|
376 | VistaAuthenticationToken token = new VistaAuthenticationToken(TEST_STATION_NUMBER, TEST_ACCESS, null, null);
|
---|
377 | try {
|
---|
378 | provider.authenticate(token);
|
---|
379 | fail("Expected BadCredenialsException");
|
---|
380 | } catch (BadCredentialsException expected) {
|
---|
381 | // NOOP
|
---|
382 | }
|
---|
383 |
|
---|
384 | verify(mockUserDetailService);
|
---|
385 | }
|
---|
386 |
|
---|
387 | public void testAuthenticateFailsIfAccountExpired() {
|
---|
388 | user = createUser("54321.123456789", TEST_STATION_NUMBER, TEST_DUZ, null, false, true, true, true);
|
---|
389 | expect(mockUserDetailService.login(TEST_STATION_NUMBER, TEST_ACCESS, TEST_VERIFY, TEST_REMOTE_ADDRESS)).andReturn(user);
|
---|
390 | replay(mockUserDetailService);
|
---|
391 |
|
---|
392 | VistaAuthenticationToken token = new VistaAuthenticationToken(TEST_STATION_NUMBER, TEST_ACCESS, TEST_VERIFY, TEST_REMOTE_ADDRESS);
|
---|
393 |
|
---|
394 | try {
|
---|
395 | provider.authenticate(token);
|
---|
396 | fail("Should have thrown AccountExpiredException");
|
---|
397 | } catch (AccountExpiredException expected) {
|
---|
398 | assertTrue(true);
|
---|
399 | }
|
---|
400 | }
|
---|
401 |
|
---|
402 | public void testAuthenticateFailsIfAccountLocked() {
|
---|
403 | user = createUser("54321.123456789", TEST_STATION_NUMBER, TEST_DUZ, null, true, false, true, true);
|
---|
404 | expect(mockUserDetailService.login(TEST_STATION_NUMBER, TEST_ACCESS, TEST_VERIFY, TEST_REMOTE_ADDRESS)).andReturn(user);
|
---|
405 | replay(mockUserDetailService);
|
---|
406 |
|
---|
407 | VistaAuthenticationToken token = new VistaAuthenticationToken(TEST_STATION_NUMBER, TEST_ACCESS, TEST_VERIFY, TEST_REMOTE_ADDRESS);
|
---|
408 |
|
---|
409 | try {
|
---|
410 | provider.authenticate(token);
|
---|
411 | fail("Should have thrown LockedException");
|
---|
412 | } catch (LockedException expected) {
|
---|
413 | assertTrue(true);
|
---|
414 | }
|
---|
415 | }
|
---|
416 |
|
---|
417 | public void testAuthenticateFailsIfCredentialsExpired() {
|
---|
418 | user = createUser("54321.123456789", TEST_STATION_NUMBER, TEST_DUZ, null, true, true, false, true);
|
---|
419 | expect(mockUserDetailService.login(TEST_STATION_NUMBER, TEST_ACCESS, TEST_VERIFY, TEST_REMOTE_ADDRESS)).andReturn(user);
|
---|
420 | replay(mockUserDetailService);
|
---|
421 |
|
---|
422 | VistaAuthenticationToken token = new VistaAuthenticationToken(TEST_STATION_NUMBER, TEST_ACCESS, TEST_VERIFY, TEST_REMOTE_ADDRESS);
|
---|
423 | try {
|
---|
424 | provider.authenticate(token);
|
---|
425 | fail("Expected CredentialsExpiredException");
|
---|
426 | } catch (CredentialsExpiredException expected) {
|
---|
427 | // NOOP
|
---|
428 | }
|
---|
429 |
|
---|
430 | verify(mockUserDetailService);
|
---|
431 | }
|
---|
432 |
|
---|
433 | public void testAuthenticateFailsIfUserDisabled() {
|
---|
434 | user = createUser("54321.123456789", TEST_STATION_NUMBER, TEST_DUZ, null, true, true, true, false);
|
---|
435 | expect(mockUserDetailService.login(TEST_STATION_NUMBER, TEST_ACCESS, TEST_VERIFY, TEST_REMOTE_ADDRESS)).andReturn(user);
|
---|
436 | replay(mockUserDetailService);
|
---|
437 |
|
---|
438 | VistaAuthenticationToken token = new VistaAuthenticationToken(TEST_STATION_NUMBER, TEST_ACCESS, TEST_VERIFY, TEST_REMOTE_ADDRESS);
|
---|
439 |
|
---|
440 | try {
|
---|
441 | provider.authenticate(token);
|
---|
442 | fail("Should have thrown DisabledException");
|
---|
443 | } catch (DisabledException expected) {
|
---|
444 | assertTrue(true);
|
---|
445 | }
|
---|
446 | }
|
---|
447 |
|
---|
448 |
|
---|
449 | public void testAuthenticateFailsWhenAuthenticationDaoHasBackendFailure() {
|
---|
450 | expect(mockUserDetailService.login(TEST_STATION_NUMBER, TEST_ACCESS, TEST_VERIFY, TEST_REMOTE_ADDRESS)).andThrow(new DataRetrievalFailureException("This mock simulator is designed to fail"));
|
---|
451 | replay(mockUserDetailService);
|
---|
452 |
|
---|
453 | VistaAuthenticationToken token = new VistaAuthenticationToken(TEST_STATION_NUMBER, TEST_ACCESS, TEST_VERIFY, TEST_REMOTE_ADDRESS);
|
---|
454 | try {
|
---|
455 | provider.authenticate(token);
|
---|
456 | fail("Should have thrown AuthenticationServiceException");
|
---|
457 | } catch (AuthenticationServiceException expected) {
|
---|
458 | assertTrue(true);
|
---|
459 | }
|
---|
460 |
|
---|
461 | verify(mockUserDetailService);
|
---|
462 | }
|
---|
463 |
|
---|
464 | public void testAuthenticates() {
|
---|
465 | expect(mockUserDetailService.login(TEST_STATION_NUMBER, TEST_ACCESS, TEST_VERIFY, TEST_REMOTE_ADDRESS)).andReturn(user);
|
---|
466 | replay(mockUserDetailService);
|
---|
467 |
|
---|
468 | VistaAuthenticationToken token = new VistaAuthenticationToken(TEST_STATION_NUMBER, TEST_ACCESS, TEST_VERIFY, TEST_REMOTE_ADDRESS);
|
---|
469 | Authentication result = provider.authenticate(token);
|
---|
470 |
|
---|
471 | if (!(result instanceof VistaAuthenticationToken)) {
|
---|
472 | fail("Should have returned instance of VistaAuthenticationToken");
|
---|
473 | }
|
---|
474 | assertNotSame(token, result);
|
---|
475 |
|
---|
476 | VistaAuthenticationToken castResult = (VistaAuthenticationToken) result;
|
---|
477 | assertTrue(VistaUserDetails.class.isAssignableFrom(castResult.getPrincipal().getClass()));
|
---|
478 | assertEquals(TEST_ACCESS, castResult.getAccessCode());
|
---|
479 | assertEquals(TEST_VERIFY, castResult.getVerifyCode());
|
---|
480 | assertEquals("ROLE_ONE", castResult.getAuthorities()[0].getAuthority());
|
---|
481 | assertEquals("ROLE_TWO", castResult.getAuthorities()[1].getAuthority());
|
---|
482 | assertEquals(TEST_REMOTE_ADDRESS, castResult.getDetails());
|
---|
483 |
|
---|
484 | verify(mockUserDetailService);
|
---|
485 | }
|
---|
486 |
|
---|
487 | public void testAuthenticatesASecondTime() {
|
---|
488 | expect(mockUserDetailService.login(TEST_STATION_NUMBER, TEST_ACCESS, TEST_VERIFY, TEST_REMOTE_ADDRESS)).andReturn(user);
|
---|
489 | replay(mockUserDetailService);
|
---|
490 |
|
---|
491 | VistaAuthenticationToken token = new VistaAuthenticationToken(TEST_STATION_NUMBER, TEST_ACCESS, TEST_VERIFY, TEST_REMOTE_ADDRESS);
|
---|
492 |
|
---|
493 | Authentication result = provider.authenticate(token);
|
---|
494 |
|
---|
495 | if (!(result instanceof VistaAuthenticationToken)) {
|
---|
496 | fail("Should have returned instance of VistaAuthenticationToken");
|
---|
497 | }
|
---|
498 |
|
---|
499 | // Now try to authenticate with the previous result (with its UserDetails)
|
---|
500 | Authentication result2 = provider.authenticate(result);
|
---|
501 |
|
---|
502 | if (!(result2 instanceof VistaAuthenticationToken)) {
|
---|
503 | fail("Should have returned instance of VistaAuthenticationToken");
|
---|
504 | }
|
---|
505 |
|
---|
506 | assertNotSame(result, result2);
|
---|
507 | assertEquals(result.getCredentials(), result2.getCredentials());
|
---|
508 | }
|
---|
509 |
|
---|
510 | public void testDetectsNullBeingReturnedFromAuthenticationDao() {
|
---|
511 | expect(mockUserDetailService.login(TEST_STATION_NUMBER, TEST_ACCESS, TEST_VERIFY, TEST_REMOTE_ADDRESS)).andReturn(null);
|
---|
512 | replay(mockUserDetailService);
|
---|
513 |
|
---|
514 | VistaAuthenticationToken token = new VistaAuthenticationToken(TEST_STATION_NUMBER, TEST_ACCESS, TEST_VERIFY, TEST_REMOTE_ADDRESS);
|
---|
515 |
|
---|
516 | try {
|
---|
517 | provider.authenticate(token);
|
---|
518 | fail("Should have thrown AuthenticationServiceException");
|
---|
519 | } catch (AuthenticationServiceException expected) {
|
---|
520 | assertEquals("VistaUserDetailsService returned null, which is an interface contract violation",
|
---|
521 | expected.getMessage());
|
---|
522 | }
|
---|
523 | }
|
---|
524 |
|
---|
525 | public void testGoesBackToAuthenticationDaoToObtainLatestVerifyCodeIfCachedVerifyCodeSeemsIncorrect() {
|
---|
526 | expect(mockUserDetailService.login(TEST_STATION_NUMBER, TEST_ACCESS, TEST_VERIFY, TEST_REMOTE_ADDRESS)).andReturn(user);
|
---|
527 | replay(mockUserDetailService);
|
---|
528 |
|
---|
529 | VistaAuthenticationToken token = new VistaAuthenticationToken(TEST_STATION_NUMBER, TEST_ACCESS, TEST_VERIFY, TEST_REMOTE_ADDRESS);
|
---|
530 |
|
---|
531 | // This will work, as password still "koala"
|
---|
532 | provider.authenticate(token);
|
---|
533 |
|
---|
534 | // Check "12345@663 = 10VEHU;VEHU10;192.168.0.1" ended up in the cache
|
---|
535 | assertEquals(TEST_ACCESS + ";" + TEST_VERIFY + ";" + TEST_REMOTE_ADDRESS, mockCache.getUserFromCache(TEST_DUZ + "@" + TEST_STATION_NUMBER).getPassword());
|
---|
536 | verify(mockUserDetailService);
|
---|
537 |
|
---|
538 | // Now change the password the AuthenticationDao will return
|
---|
539 | EasyMock.reset(mockUserDetailService);
|
---|
540 | user = createUser("54321.123456789", TEST_STATION_NUMBER, TEST_DUZ, TEST_ACCESS + ";easternLongNeckTurtle;" + TEST_REMOTE_ADDRESS, true, true, true, true, new GrantedAuthorityImpl("ROLE_ONE"), new GrantedAuthorityImpl("ROLE_TWO"));
|
---|
541 | expect(mockUserDetailService.login(TEST_STATION_NUMBER, TEST_ACCESS, "easternLongNeckTurtle", TEST_REMOTE_ADDRESS)).andReturn(user);
|
---|
542 | replay(mockUserDetailService);
|
---|
543 |
|
---|
544 | // Now try authentication again, with the new password
|
---|
545 | token = new VistaAuthenticationToken(TEST_STATION_NUMBER, TEST_ACCESS, "easternLongNeckTurtle", TEST_REMOTE_ADDRESS);
|
---|
546 | provider.authenticate(token);
|
---|
547 |
|
---|
548 | // To get this far, the new password was accepted
|
---|
549 | // Check the cache was updated
|
---|
550 | assertEquals("10VEHU;easternLongNeckTurtle;192.168.0.1", mockCache.getUserFromCache(TEST_DUZ + "@" + TEST_STATION_NUMBER).getPassword());
|
---|
551 | }
|
---|
552 |
|
---|
553 | public void testStartupFailsIfNoVistaUserDetailsService()
|
---|
554 | throws Exception {
|
---|
555 | VistaAuthenticationProvider provider = new VistaAuthenticationProvider();
|
---|
556 |
|
---|
557 | try {
|
---|
558 | provider.afterPropertiesSet();
|
---|
559 | fail("Should have thrown IllegalArgumentException");
|
---|
560 | } catch (IllegalArgumentException expected) {
|
---|
561 | assertTrue(true);
|
---|
562 | }
|
---|
563 | }
|
---|
564 |
|
---|
565 | public void testStartupFailsIfNoUserCacheSet() throws Exception {
|
---|
566 | VistaAuthenticationProvider provider = new VistaAuthenticationProvider();
|
---|
567 | provider.setUserDetailsService(mockUserDetailService);
|
---|
568 | assertEquals(NullUserCache.class, provider.getUserCache().getClass());
|
---|
569 | provider.setUserCache(null);
|
---|
570 |
|
---|
571 | try {
|
---|
572 | provider.afterPropertiesSet();
|
---|
573 | fail("Should have thrown IllegalArgumentException");
|
---|
574 | } catch (IllegalArgumentException expected) {
|
---|
575 | assertTrue(true);
|
---|
576 | }
|
---|
577 | }
|
---|
578 |
|
---|
579 | public void testStartupSuccess() throws Exception {
|
---|
580 | VistaAuthenticationProvider provider = new VistaAuthenticationProvider();
|
---|
581 | provider.setUserDetailsService(mockUserDetailService);
|
---|
582 | provider.setUserCache(new MockUserCache());
|
---|
583 | assertSame(mockUserDetailService, provider.getUserDetailsService());
|
---|
584 | provider.afterPropertiesSet();
|
---|
585 | }
|
---|
586 |
|
---|
587 | private class MockUserCache implements UserCache {
|
---|
588 | private Map cache = new HashMap();
|
---|
589 |
|
---|
590 | public UserDetails getUserFromCache(String username) {
|
---|
591 | return (UserDetails) cache.get(username);
|
---|
592 | }
|
---|
593 |
|
---|
594 | public void putUserInCache(UserDetails user) {
|
---|
595 | cache.put(user.getUsername(), user);
|
---|
596 | }
|
---|
597 |
|
---|
598 | public void removeUserFromCache(String username) {
|
---|
599 | }
|
---|
600 | }
|
---|
601 | }
|
---|
602 | */
|
---|